PDF malware analysis — malicious · bc0c3906b62e7ef3

MALICIOUS

PDF

6.2 KB

MD5: 4f37e9d65e23ec7de7170845f3020bb5 SHA-1: 5b73e39fdf05b539548aa63affbdac0505c736dc SHA-256: bc0c3906b62e7ef3f36ad7ed2689d3bab738cf4b005f17809bd707cfe45d6ec3

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The PDF file contains embedded and obfuscated JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject, suggesting a deliberate attempt to hide malicious code. The primary attack pattern involves leveraging JavaScript execution within the PDF to achieve a malicious outcome, likely downloading or executing a secondary payload.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.